FreshRSS

πŸ”’
❌ About FreshRSS
☷
β–³ πŸ”ƒ
There are new available articles, click to refresh the page.
Before yesterdayVulnerabilities

Red Hat Security Advisory 2023-1888-01

Red Hat Security Advisory 2023-1888-01 - Red Hat Advanced Cluster Management for Kubernetes 2.7.3 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single consoleβ€”with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs. Issues addressed include denial of service and server-side request forgery vulnerabilities.
  • April 20th 2023 at 16:14
  • β†—

Ubuntu Security Notice USN-6034-1

Ubuntu Security Notice 6034-1 - It was discovered that Dnsmasq was sending large DNS messages over UDP, possibly causing transmission failures due to IP fragmentation. This update lowers the default maximum size of DNS messages to improve transmission reliability over UDP.
  • April 20th 2023 at 16:14
  • β†—

Ubuntu Security Notice USN-6033-1

Ubuntu Security Notice 6033-1 - It was discovered that the Traffic-Control Index implementation in the Linux kernel did not properly perform filter deactivation in some situations. A local attacker could possibly use this to gain elevated privileges. Please note that with the fix for thisCVE, kernel support for the TCINDEX classifier has been removed. William Zhao discovered that the Traffic Control subsystem in the Linux kernel did not properly handle network packet retransmission in certain situations. A local attacker could use this to cause a denial of service.
  • April 20th 2023 at 16:12
  • β†—

WordPress PowerPress 10.0 Cross Site Scripting

WordPress PowerPress plugin versions 10.0 and below suffer from a persistent cross site scripting vulnerability.
  • April 20th 2023 at 16:07
  • β†—

Red Hat Security Advisory 2023-1899-01

Red Hat Security Advisory 2023-1899-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.
  • April 20th 2023 at 16:04
  • β†—

Ubuntu Security Notice USN-6032-1

Ubuntu Security Notice 6032-1 - Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service. Gerald Lee discovered that the USB Gadget file system implementation in the Linux kernel contained a race condition, leading to a use-after-free vulnerability in some situations. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
  • April 20th 2023 at 16:01
  • β†—

Ubuntu Security Notice USN-6031-1

Ubuntu Security Notice 6031-1 - It was discovered that the Traffic-Control Index implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the Integrity Measurement Architecture implementation in the Linux kernel did not properly enforce policy in certain conditions. A privileged attacker could use this to bypass Kernel lockdown restrictions.
  • April 20th 2023 at 15:57
  • β†—

Red Hat Security Advisory 2023-1893-01

Red Hat Security Advisory 2023-1893-01 - Red Hat Multicluster Engine Hotfix Security Update for Console. Red Hat Product Security has rated this update as having a security impact of Critical.
  • April 20th 2023 at 15:55
  • β†—

Ubuntu Security Notice USN-6028-1

Ubuntu Security Notice 6028-1 - It was discovered that lixml2 incorrectly handled certain XML files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. It was discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to cause a crash.
  • April 20th 2023 at 15:52
  • β†—

Red Hat Security Advisory 2023-1822-01

Red Hat Security Advisory 2023-1822-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system.
  • April 20th 2023 at 15:52
  • β†—

Ubuntu Security Notice USN-6029-1

Ubuntu Security Notice 6029-1 - It was discovered that the Traffic-Control Index implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the infrared transceiver USB driver did not properly handle USB control messages. A local attacker with physical access could plug in a specially crafted USB device to cause a denial of service.
  • April 20th 2023 at 15:51
  • β†—

Ubuntu Security Notice USN-6030-1

Ubuntu Security Notice 6030-1 - It was discovered that the Traffic-Control Index implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the System V IPC implementation in the Linux kernel did not properly handle large shared memory counts. A local attacker could use this to cause a denial of service.
  • April 20th 2023 at 15:51
  • β†—

Red Hat Security Advisory 2023-1879-01

Red Hat Security Advisory 2023-1879-01 - The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit.
  • April 20th 2023 at 15:43
  • β†—

Ubuntu Security Notice USN-6027-1

Ubuntu Security Notice 6027-1 - It was discovered that the Traffic-Control Index implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Jiasheng Jiang discovered that the HSA Linux kernel driver for AMD Radeon GPU devices did not properly validate memory allocation in certain situations, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service.
  • April 20th 2023 at 15:43
  • β†—

[webapps] FUXA V.1.1.13-1186 - Unauthenticated Remote Code Execution (RCE)

FUXA V.1.1.13-1186 - Unauthenticated Remote Code Execution (RCE)
  • April 20th 2023 at 00:00
  • β†—

[webapps] Piwigo 13.6.0 - Stored Cross-Site Scripting (XSS)

Piwigo 13.6.0 - Stored Cross-Site Scripting (XSS)
  • April 20th 2023 at 00:00
  • β†—

[remote] Microsoft Word 16.72.23040900 - Remote Code Execution (RCE)

Microsoft Word 16.72.23040900 - Remote Code Execution (RCE)
  • April 20th 2023 at 00:00
  • β†—

[local] Linux Kernel 6.2 - Userspace Processes To Enable Mitigation

Linux Kernel 6.2 - Userspace Processes To Enable Mitigation
  • April 20th 2023 at 00:00
  • β†—

[webapps] Serendipity 2.4.0 - Remote Code Execution (RCE) (Authenticated)

Serendipity 2.4.0 - Remote Code Execution (RCE) (Authenticated)
  • April 20th 2023 at 00:00
  • β†—

[webapps] Swagger UI 4.1.3 - User Interface (UI) Misrepresentation of Critical Information

Swagger UI 4.1.3 - User Interface (UI) Misrepresentation of Critical Information
  • April 20th 2023 at 00:00
  • β†—

[webapps] ProjeQtOr Project Management System 10.3.2 - Remote Code Execution (RCE)

ProjeQtOr Project Management System 10.3.2 - Remote Code Execution (RCE)
  • April 20th 2023 at 00:00
  • β†—

[webapps] Chitor-CMS v1.1.2 - Pre-Auth SQL Injection

Chitor-CMS v1.1.2 - Pre-Auth SQL Injection
  • April 20th 2023 at 00:00
  • β†—

[local] AspEmail v5.6.0.2 - Local Privilege Escalation

AspEmail v5.6.0.2 - Local Privilege Escalation
  • April 20th 2023 at 00:00
  • β†—

[webapps] Lilac-Reloaded for Nagios 2.0.8 - Remote Code Execution (RCE)

Lilac-Reloaded for Nagios 2.0.8 - Remote Code Execution (RCE)
  • April 20th 2023 at 00:00
  • β†—

[webapps] GDidees CMS 3.9.1 - Local File Disclosure

GDidees CMS 3.9.1 - Local File Disclosure
  • April 20th 2023 at 00:00
  • β†—

[webapps] Bang Resto v1.0 - Stored Cross-Site Scripting (XSS)

Bang Resto v1.0 - Stored Cross-Site Scripting (XSS)
  • April 20th 2023 at 00:00
  • β†—

[local] File Replication Pro 7.5.0 - Privilege Escalation/Password reset due Incorrect Access Control

File Replication Pro 7.5.0 - Privilege Escalation/Password reset due Incorrect Access Control
  • April 20th 2023 at 00:00
  • β†—

[webapps] Serendipity 2.4.0 - Cross-Site Scripting (XSS)

Serendipity 2.4.0 - Cross-Site Scripting (XSS)
  • April 20th 2023 at 00:00
  • β†—

[webapps] Bang Resto v1.0 - 'Multiple' SQL Injection

Bang Resto v1.0 - 'Multiple' SQL Injection
  • April 20th 2023 at 00:00
  • β†—

[remote] Franklin Fueling Systems TS-550 - Default Password

Franklin Fueling Systems TS-550 - Default Password
  • April 20th 2023 at 00:00
  • β†—

Ubuntu Security Notice USN-6024-1

Ubuntu Security Notice 6024-1 - It was discovered that the Traffic-Control Index implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Lin Ma discovered a race condition in the io_uring subsystem in the Linux kernel, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service.
  • April 19th 2023 at 13:03
  • β†—

Ubuntu Security Notice USN-6026-1

Ubuntu Security Notice 6026-1 - It was discovered that Vim was incorrectly processing Vim buffers. An attacker could possibly use this issue to perform illegal memory access and expose sensitive information. This issue only affected Ubuntu 20.04 LTS. It was discovered that Vim was using freed memory when dealing with regular expressions inside a visual selection. If a user were tricked into opening a specially crafted file, an attacker could crash the application, leading to a denial of service, or possibly achieve code execution with user privileges. This issue only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.
  • April 19th 2023 at 13:03
  • β†—

Ubuntu Security Notice USN-6025-1

Ubuntu Security Notice 6025-1 - It was discovered that the Traffic-Control Index implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the OverlayFS implementation in the Linux kernel did not properly handle copy up operation in some conditions. A local attacker could possibly use this to gain elevated privileges.
  • April 19th 2023 at 13:03
  • β†—

Red Hat Security Advisory 2023-1817-01

Red Hat Security Advisory 2023-1817-01 - Network Observability 1.2.0 is an OpenShift operator that provides a monitoring pipeline to collect and enrich network flows that are produced by the Network observability eBPF agent. The operator provides dashboards, metrics, and keeps flows accessible in a queryable log store, Grafana Loki. When a FlowCollector is deployed, new dashboards are available in the Console. This update contains bug fixes. Issues addressed include a denial of service vulnerability.
  • April 19th 2023 at 13:02
  • β†—

Red Hat Security Advisory 2023-1841-01

Red Hat Security Advisory 2023-1841-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a use-after-free vulnerability.
  • April 19th 2023 at 13:02
  • β†—

Red Hat Security Advisory 2023-1842-01

Red Hat Security Advisory 2023-1842-01 - The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Issues addressed include a denial of service vulnerability.
  • April 19th 2023 at 13:02
  • β†—

Red Hat Security Advisory 2023-1823-01

Red Hat Security Advisory 2023-1823-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.
  • April 18th 2023 at 17:33
  • β†—

Red Hat Security Advisory 2023-1809-01

Red Hat Security Advisory 2023-1809-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.10.0. Issues addressed include double free and file download vulnerabilities.
  • April 18th 2023 at 17:33
  • β†—

Ubuntu Security Notice USN-6010-2

Ubuntu Security Notice 6010-2 - USN-6010-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Irvan Kurniawan discovered that Firefox did not properly manage fullscreen notifications using a combination of window.open, fullscreen requests, window.name assignments, and setInterval calls. An attacker could potentially exploit this issue to perform spoofing attacks. Lukas Bernhard discovered that Firefox did not properly manage memory when doing Garbage Collector compaction. An attacker could potentially exploits this issue to cause a denial of service. Zx from qriousec discovered that Firefox did not properly validate the address to free a pointer provided to the memory manager. An attacker could potentially exploits this issue to cause a denial of service. Alexis aka zoracon discovered that Firefox did not properly validate the URI received by the WebExtension during a load request. An attacker could potentially exploits this to obtain sensitive information. Trung Pham discovered that Firefox did not properly validate the filename directive in the Content-Disposition header. An attacker could possibly exploit this to perform reflected file download attacks potentially tricking users to install malware. Ameen Basha M K discovered that Firefox did not properly validate downloads of files ending in .desktop. An attacker could potentially exploits this issue to execute arbitrary code.
  • April 18th 2023 at 17:33
  • β†—

Red Hat Security Advisory 2023-1810-01

Red Hat Security Advisory 2023-1810-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.10.0. Issues addressed include double free and file download vulnerabilities.
  • April 18th 2023 at 17:18
  • β†—

Red Hat Security Advisory 2023-1815-01

Red Hat Security Advisory 2023-1815-01 - Debezium is a distributed platform that turns your existing databases into event streams, so applications can see and respond immediately to each row-level change in the databases. Issues addressed include an information leakage vulnerability.
  • April 18th 2023 at 17:18
  • β†—

Red Hat Security Advisory 2023-1811-01

Red Hat Security Advisory 2023-1811-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.10.0. Issues addressed include double free and file download vulnerabilities.
  • April 18th 2023 at 17:15
  • β†—

Red Hat Security Advisory 2023-1802-01

Red Hat Security Advisory 2023-1802-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.10.0. Issues addressed include double free and file download vulnerabilities.
  • April 18th 2023 at 17:15
  • β†—

Red Hat Security Advisory 2023-1804-01

Red Hat Security Advisory 2023-1804-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.10.0. Issues addressed include double free and file download vulnerabilities.
  • April 18th 2023 at 17:12
  • β†—

Red Hat Security Advisory 2023-1803-01

Red Hat Security Advisory 2023-1803-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.10.0. Issues addressed include double free and file download vulnerabilities.
  • April 18th 2023 at 17:11
  • β†—

Red Hat Security Advisory 2023-1805-01

Red Hat Security Advisory 2023-1805-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.10.0. Issues addressed include double free and file download vulnerabilities.
  • April 18th 2023 at 17:05
  • β†—

Red Hat Security Advisory 2023-1806-01

Red Hat Security Advisory 2023-1806-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.10.0. Issues addressed include double free and file download vulnerabilities.
  • April 18th 2023 at 17:05
  • β†—

[CVE-2023-22620] SecurePoint UTM <= 12.2.5 β€œspcgi.cgi” sessionId Information Disclosure Allowing Device Takeover

Posted by Julien Ahrens (RCE Security) on Apr 18

RCE Security Advisory
https://www.rcesecurity.com

1. ADVISORY INFORMATION
=======================
Product: SecurePoint UTM
Vendor URL: https://www.securepoint.de/en/for-companies/firewall-vpn
Type: Exposure of Sensitive Information to an Unauthorized Actor [CWE-200]
Date found: 2023-01-05
Date published: 2023-04-11
CVSSv3 Score: 9.0 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
CVE: CVE-2023-22620

2....
  • April 18th 2023 at 07:18
  • β†—

[CVE-2023-22897] SecurePoint UTM <= 12.2.5 β€œspcgi.cgi” Remote Memory Contents Information Disclosure

Posted by Julien Ahrens (RCE Security) on Apr 18

RCE Security Advisory
https://www.rcesecurity.com

1. ADVISORY INFORMATION
=======================
Product: SecurePoint UTM
Vendor URL: https://www.securepoint.de/en/for-companies/firewall-vpn
Type: Use of Uninitialized Variable [CWE-457]
Date found: 2023-01-05
Date published: 2023-04-12
CVSSv3 Score: 6.5 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
CVE: CVE-2023-22897

2. CREDITS
==========
This...
  • April 18th 2023 at 07:18
  • β†—

Debian Security Advisory 5390-1

Debian Linux Security Advisory 5390-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code.
  • April 17th 2023 at 15:22
  • β†—

Red Hat Security Advisory 2023-1677-01

Red Hat Security Advisory 2023-1677-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. The ovirt-node-ng packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include heap overflow and integer overflow vulnerabilities.
  • April 17th 2023 at 15:22
  • β†—

Ubuntu Security Notice USN-6023-1

Ubuntu Security Notice 6023-1 - It was discovered that LibreOffice may be configured to add an empty entry to the Java class path. This may lead to run arbitrary Java code from the current directory.
  • April 17th 2023 at 15:22
  • β†—

Ubuntu Security Notice USN-6022-1

Ubuntu Security Notice 6022-1 - It was discovered that Kamailio did not properly sanitize SIP messages under certain circumstances. An attacker could use this vulnerability to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 ESM and 18.04 ESM. It was discovered that Kamailio did not properly validate INVITE requests under certain circumstances. An attacker could use this vulnerability to cause a denial of service or possibly execute arbitrary code.
  • April 17th 2023 at 15:22
  • β†—

Red Hat Security Advisory 2023-1788-01

Red Hat Security Advisory 2023-1788-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.10.0 ESR. Issues addressed include double free and file download vulnerabilities.
  • April 17th 2023 at 15:17
  • β†—

Red Hat Security Advisory 2023-1786-01

Red Hat Security Advisory 2023-1786-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.10.0 ESR. Issues addressed include double free and file download vulnerabilities.
  • April 17th 2023 at 15:12
  • β†—

Red Hat Security Advisory 2023-1787-01

Red Hat Security Advisory 2023-1787-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.10.0 ESR. Issues addressed include double free and file download vulnerabilities.
  • April 17th 2023 at 15:12
  • β†—

Ubuntu Security Notice USN-5855-4

Ubuntu Security Notice 5855-4 - USN-5855-1 fixed vulnerabilities in ImageMagick. This update provides the corresponding updates for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. It was discovered that ImageMagick incorrectly handled certain PNG images. If a user or automated system were tricked into opening a specially crafted PNG file, an attacker could use this issue to cause ImageMagick to stop responding, resulting in a denial of service, or possibly obtain the contents of arbitrary files by including them into images.
  • April 17th 2023 at 15:12
  • β†—

Red Hat Security Advisory 2023-1785-01

Red Hat Security Advisory 2023-1785-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.10.0 ESR. Issues addressed include double free and file download vulnerabilities.
  • April 17th 2023 at 14:52
  • β†—

Red Hat Security Advisory 2023-1789-01

Red Hat Security Advisory 2023-1789-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.10.0 ESR. Issues addressed include double free and file download vulnerabilities.
  • April 17th 2023 at 14:48
  • β†—

Debian Security Advisory 5389-1

Debian Linux Security Advisory 5389-1 - Two vulnerabilities were discovered in rails, the Ruby based server-side MVC web application framework, which could lead to XSS and DOM based cross-site scripting (CRS). This update also fixes a regression introduced in previous update that may block certain access for apps using development environment.
  • April 17th 2023 at 14:47
  • β†—
❌