Red Hat Security Advisory 2023-3263-01

Red Hat Security Advisory 2023-3263-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.

Ubuntu Security Notice USN-6042-2

Ubuntu Security Notice 6042-2 - USN-6042-1 fixed a vulnerability in Cloud-init. The update introduced a regression on Ubuntu 20.04 LTS resulting in a possible loss of networking. This update fixes the problem. James Golovich discovered that sensitive data could be exposed in logs. An attacker could use this information to find hashed passwords and possibly escalate their privilege.

Red Hat Security Advisory 2023-3264-01

Red Hat Security Advisory 2023-3264-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.

Red Hat Security Advisory 2023-3278-01

Red Hat Security Advisory 2023-3278-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include a use-after-free vulnerability.

Ubuntu Security Notice USN-6088-2

Ubuntu Security Notice 6088-2 - USN-6088-1 fixed vulnerabilities in runC. This update provides the corresponding updates for Ubuntu 16.04 LTS. It was discovered that runC incorrectly performed access control when mounting /proc to non-directories. An attacker could possibly use this issue to escalate privileges. Felix Wilhelm discovered that runC incorrecly handled netlink messages. An attacker could possibly use this issue to escalate privileges.

Red Hat Security Advisory 2023-3262-01

Red Hat Security Advisory 2023-3262-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.

Red Hat Security Advisory 2023-3265-01

Red Hat Security Advisory 2023-3265-01 - Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Data Foundation. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform.

Red Hat Security Advisory 2023-3277-01

Red Hat Security Advisory 2023-3277-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a use-after-free vulnerability.

[webapps] Roxy WI v6.1.0.0 - Unauthenticated Remote Code Execution (RCE) via subprocess_execute

Roxy WI v6.1.0.0 - Unauthenticated Remote Code Execution (RCE) via subprocess_execute

[webapps] Service Provider Management System v1.0 - SQL Injection

Service Provider Management System v1.0 - SQL Injection

Ubuntu Security Notice USN-5725-2

Ubuntu Security Notice 5725-2 - USN-5725-1 fixed a vulnerability in Go. This update provides the corresponding update for Ubuntu 16.04 LTS. Diederik Loerakker, Jonny Rhea, Raúl Kripalani, and Preston Van Loon discovered that Go incorrectly handled certain inputs. An attacker could possibly use this issue to cause Go applications to hang or crash, resulting in a denial of service.

Ubuntu Security Notice USN-6073-9

Ubuntu Security Notice 6073-9 - USN-6073-4 fixed a vulnerability in os-brick. Unfortunately the update introduced a regression with detaching volumes. The security fix has been removed pending further investigation. Jan Wasilewski and Gorka Eguileor discovered that os-brick incorrectly handled deleted volume attachments. An authenticated user or attacker could possibly use this issue to gain access to sensitive information.

Ubuntu Security Notice USN-6073-6

Ubuntu Security Notice 6073-6 - USN-6073-1 fixed a vulnerability in Cinder. Unfortunately the update introduced a regression with detaching volumes. The security fix has been removed pending further investigation. Jan Wasilewski and Gorka Eguileor discovered that Cinder incorrectly handled deleted volume attachments. An authenticated user or attacker could possibly use this issue to gain access to sensitive information.

Ubuntu Security Notice USN-6073-7

Ubuntu Security Notice 6073-7 - USN-6073-2 fixed a vulnerability in Glance_store. Unfortunately the update introduced a regression with detaching volumes. The security fix has been removed pending further investigation. Jan Wasilewski and Gorka Eguileor discovered that Glance_store incorrectly handled deleted volume attachments. An authenticated user or attacker could possibly use this issue to gain access to sensitive information.

Ubuntu Security Notice USN-6099-1

Ubuntu Security Notice 6099-1 - It was discovered that ncurses was incorrectly performing bounds checks when processing invalid hashcodes. An attacker could possibly use this issue to cause a denial of service or to expose sensitive information. This issue only affected Ubuntu 18.04 LTS. It was discovered that ncurses was incorrectly handling end-of-string characters when processing terminfo and termcap files. An attacker could possibly use this issue to cause a denial of service or to expose sensitive information. This issue only affected Ubuntu 18.04 LTS.

Ubuntu Security Notice USN-6073-8

Ubuntu Security Notice 6073-8 - USN-6073-3 fixed a vulnerability in Nova. Unfortunately the update introduced a regression with detaching volumes. The security fix has been removed pending further investigation. Jan Wasilewski and Gorka Eguileor discovered that Nova incorrectly handled deleted volume attachments. An authenticated user or attacker could possibly use this issue to gain access to sensitive information.

[webapps] ChurchCRM v4.5.4 - Reflected XSS via Image (Authenticated)

ChurchCRM v4.5.4 - Reflected XSS via Image (Authenticated)

[webapps] eScan Management Console 14.0.1400.2281 - SQL Injection (Authenticated)

eScan Management Console 14.0.1400.2281 - SQL Injection (Authenticated)

[remote] Screen SFT DAB 600/C - Authentication Bypass Admin Password Change

Screen SFT DAB 600/C - Authentication Bypass Admin Password Change

[webapps] PodcastGenerator 3.2.9 - Multiple Stored Cross-Site Scripting (XSS)

PodcastGenerator 3.2.9 - Multiple Stored Cross-Site Scripting (XSS)

[webapps] thrsrossi Millhouse-Project 1.414 - Remote Code Execution

thrsrossi Millhouse-Project 1.414 - Remote Code Execution

[webapps] WBiz Desk 1.2 - SQL Injection

WBiz Desk 1.2 - SQL Injection

[webapps] SitemagicCMS 4.4.3 - Remote Code Execution (RCE)

SitemagicCMS 4.4.3 - Remote Code Execution (RCE)

[webapps] Stackposts Social Marketing Tool v1.0 - SQL Injection

Stackposts Social Marketing Tool v1.0 - SQL Injection

[local] Hubstaff 1.6.14-61e5e22e - 'wow64log' DLL Search Order Hijacking

Hubstaff 1.6.14-61e5e22e - 'wow64log' DLL Search Order Hijacking

[webapps] Bludit CMS v3.14.1 - Stored Cross-Site Scripting (XSS) (Authenticated)

Bludit CMS v3.14.1 - Stored Cross-Site Scripting (XSS) (Authenticated)

[webapps] LeadPro CRM v1.0 - SQL Injection

LeadPro CRM v1.0 - SQL Injection

[local] Gin Markdown Editor v0.7.4 (Electron) - Arbitrary Code Execution

Gin Markdown Editor v0.7.4 (Electron) - Arbitrary Code Execution

[webapps] eScan Management Console 14.0.1400.2281 - Cross Site Scripting

eScan Management Console 14.0.1400.2281 - Cross Site Scripting

[webapps] Cameleon CMS 2.7.4 - Persistent Stored XSS in Post Title

Cameleon CMS 2.7.4 - Persistent Stored XSS in Post Title

[webapps] FusionInvoice 2023-1.0 - Stored XSS (Cross-Site Scripting)

FusionInvoice 2023-1.0 - Stored XSS (Cross-Site Scripting)

[webapps] WordPress Plugin Backup Migration 1.2.8 - Unauthenticated Database Backup

WordPress Plugin Backup Migration 1.2.8 - Unauthenticated Database Backup

[remote] Screen SFT DAB 600/C - Authentication Bypass Reset Board Config

Screen SFT DAB 600/C - Authentication Bypass Reset Board Config

[webapps] GetSimple CMS v3.3.16 - Remote Code Execution (RCE)

GetSimple CMS v3.3.16 - Remote Code Execution (RCE)

[remote] Screen SFT DAB 600/C - Unauthenticated Information Disclosure (userManager.cgx)

Screen SFT DAB 600/C - Unauthenticated Information Disclosure (userManager.cgx)

[remote] Screen SFT DAB 600/C - Authentication Bypass Account Creation

Screen SFT DAB 600/C - Authentication Bypass Account Creation

[remote] Screen SFT DAB 600/C - Authentication Bypass Password Change

Screen SFT DAB 600/C - Authentication Bypass Password Change

[remote] Screen SFT DAB 600/C - Authentication Bypass Erase Account

Screen SFT DAB 600/C - Authentication Bypass Erase Account

[webapps] Webkul Qloapps 1.5.2 - Cross-Site Scripting (XSS)

Webkul Qloapps 1.5.2 - Cross-Site Scripting (XSS)

[webapps] PaperCut NG/MG 22.0.4 - Remote Code Execution (RCE)

PaperCut NG/MG 22.0.4 - Remote Code Execution (RCE)

[local] MobileTrans 4.0.11 - Weak Service Privilege Escalation

MobileTrans 4.0.11 - Weak Service Privilege Escalation

[webapps] Quicklancer v1.0 - SQL Injection

Quicklancer v1.0 - SQL Injection

[webapps] Apache Superset 2.0.0 - Authentication Bypass

Apache Superset 2.0.0 - Authentication Bypass

[webapps] Smart School v1.0 - SQL Injection

Smart School v1.0 - SQL Injection

[webapps] CiviCRM 5.59.alpha1 - Stored XSS (Cross-Site Scripting)

CiviCRM 5.59.alpha1 - Stored XSS (Cross-Site Scripting)

[local] Trend Micro OfficeScan Client 10.0 - ACL Service LPE

Trend Micro OfficeScan Client 10.0 - ACL Service LPE

[webapps] Prestashop 8.0.4 - CSV injection

Prestashop 8.0.4 - CSV injection

[local] Yank Note v3.52.1 (Electron) - Arbitrary Code Execution

Yank Note v3.52.1 (Electron) - Arbitrary Code Execution

[webapps] PnPSCADA v2.x - Unauthenticated PostgreSQL Injection

PnPSCADA v2.x - Unauthenticated PostgreSQL Injection

[webapps] Affiliate Me Version 5.0.1 - SQL Injection

Affiliate Me Version 5.0.1 - SQL Injection

[webapps] e107 v2.3.2 - Reflected XSS

e107 v2.3.2 - Reflected XSS

[webapps] TinyWebGallery v2.5 - Remote Code Execution (RCE)

TinyWebGallery v2.5 - Remote Code Execution (RCE)

[webapps] Best POS Management System v1.0 - Unauthenticated Remote Code Execution

Best POS Management System v1.0 - Unauthenticated Remote Code Execution

[remote] Optoma 1080PSTX Firmware C02 - Authentication Bypass

Optoma 1080PSTX Firmware C02 - Authentication Bypass

Red Hat Security Advisory 2023-3246-01

Red Hat Security Advisory 2023-3246-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.

Red Hat Security Advisory 2023-3247-01

Red Hat Security Advisory 2023-3247-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.

Ubuntu Security Notice USN-5900-2

Ubuntu Security Notice 5900-2 - USN-5900-1 fixed vulnerabilities in tar. This update fixes it to Ubuntu 23.04. It was discovered that tar incorrectly handled certain files. An attacker could possibly use this issue to expose sensitive information or cause a crash.

Red Hat Security Advisory 2023-3245-01

Red Hat Security Advisory 2023-3245-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.

Ubuntu Security Notice USN-6093-1

Ubuntu Security Notice 6093-1 - It was discovered that the Traffic-Control Index implementation in the Linux kernel did not properly perform filter deactivation in some situations. A local attacker could possibly use this to gain elevated privileges. Please note that with the fix for this CVE, kernel support for the TCINDEX classifier has been removed. It was discovered that the Traffic-Control Index implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

Red Hat Security Advisory 2023-3243-01

Red Hat Security Advisory 2023-3243-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.