Red Hat Security Advisory 2023-3361-01

Red Hat Security Advisory 2023-3361-01 - The gnutls packages provide the GNU Transport Layer Security library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS.

Red Hat Security Advisory 2023-3351-01

Red Hat Security Advisory 2023-3351-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include privilege escalation and use-after-free vulnerabilities.

Red Hat Security Advisory 2023-3349-01

Red Hat Security Advisory 2023-3349-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include privilege escalation and use-after-free vulnerabilities.

Red Hat Security Advisory 2023-3350-01

Red Hat Security Advisory 2023-3350-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include privilege escalation and use-after-free vulnerabilities.

Red Hat Security Advisory 2023-3360-01

Red Hat Security Advisory 2023-3360-01 - The Apache Portable Runtime is a portability library used by the Apache HTTP Server and other projects. "apr-util" is a library which provides additional utility interfaces for APR; including support for XML parsing, LDAP, database interfaces, URI parsing, and more. Issues addressed include an out of bounds write vulnerability.

Red Hat Security Advisory 2023-3380-01

Red Hat Security Advisory 2023-3380-01 - The Apache Portable Runtime is a portability library used by the Apache HTTP Server and other projects. apr-util is a library which provides additional utility interfaces for APR; including support for XML parsing, LDAP, database interfaces, URI parsing, and more. Issues addressed include an out of bounds write vulnerability.

Ubuntu Security Notice USN-6112-2

Ubuntu Security Notice 6112-2 - USN-6112-1 fixed vulnerabilities in Perl. This update provides the corresponding updates for Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 22.10, and Ubuntu 23.04. It was discovered that Perl was not properly verifying TLS certificates when using CPAN together with HTTP::Tiny to download modules over HTTPS. If a remote attacker were able to intercept communications, this flaw could potentially be used to install altered modules.

Red Hat Security Advisory 2023-3356-01

Red Hat Security Advisory 2023-3356-01 - Red Hat Advanced Cluster Management for Kubernetes 2.5.9 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs.

Red Hat Security Advisory 2023-3373-02

Red Hat Security Advisory 2023-3373-02 - Migration Toolkit for Runtimes 1.1.0 Images. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-3353-01

Red Hat Security Advisory 2023-3353-01 - Multicluster Engine for Kubernetes 2.0.9 images Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds. You can use the engine to create new Red Hat OpenShift Container Platform clusters or to bring existing Kubernetes-based clusters under management by importing them. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy.

Red Hat Security Advisory 2023-3382-01

Red Hat Security Advisory 2023-3382-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.

Red Hat Security Advisory 2023-3374-01

Red Hat Security Advisory 2023-3374-01 - Migration Toolkit for Runtimes 1.1.0 ZIP artifacts. Issues addressed include a denial of service vulnerability.

[webapps] Barebones CMS v2.0.2 - Stored Cross-Site Scripting (XSS) (Authenticated)

Barebones CMS v2.0.2 - Stored Cross-Site Scripting (XSS) (Authenticated)

[webapps] Enrollment System Project v1.0 - SQL Injection Authentication Bypass (SQLI)

Enrollment System Project v1.0 - SQL Injection Authentication Bypass (SQLI)

[webapps] MotoCMS Version 3.4.3 - SQL Injection

MotoCMS Version 3.4.3 - SQL Injection

[webapps] Total CMS 1.7.4 - Remote Code Execution (RCE)

Total CMS 1.7.4 - Remote Code Execution (RCE)

[webapps] File Manager Advanced Shortcode 2.3.2 - Unauthenticated Remote Code Execution (RCE)

File Manager Advanced Shortcode 2.3.2 - Unauthenticated Remote Code Execution (RCE)

[webapps] STARFACE 7.3.0.10 - Authentication with Password Hash Possible

STARFACE 7.3.0.10 - Authentication with Password Hash Possible

[CVE-2023-29459] FC Red Bull Salzburg App "at.redbullsalzburg.android.AppMode.Default.Splash.SplashActivity" Arbitrary URL Loading

Posted by Julien Ahrens (RCE Security) on Jun 02

RCE Security Advisory
https://www.rcesecurity.com

1. ADVISORY INFORMATION
=======================
Product: FC Red Bull Salzburg App
Vendor URL: https://play.google.com/store/apps/details?id=laola.redbull
Type: Improper Authorization in Handler for Custom URL Scheme [CWE-939]
Date found: 2023-04-06
Date published: 2023-06-01
CVSSv3 Score: 6.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
CVE: CVE-2023-29459...

Ubuntu Security Notice USN-6134-1

Ubuntu Security Notice 6134-1 - It was discovered that the Traffic-Control Index implementation in the Linux kernel did not properly perform filter deactivation in some situations. A local attacker could possibly use this to gain elevated privileges. Please note that with the fix for this CVE, kernel support for the TCINDEX classifier has been removed. It was discovered that the Traffic-Control Index implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

Ubuntu Security Notice USN-6133-1

Ubuntu Security Notice 6133-1 - It was discovered that the Traffic-Control Index implementation in the Linux kernel did not properly perform filter deactivation in some situations. A local attacker could possibly use this to gain elevated privileges. Please note that with the fix for this CVE, kernel support for the TCINDEX classifier has been removed. It was discovered that some AMD x86-64 processors with SMT enabled could speculatively execute instructions using a return address from a sibling thread. A local attacker could possibly use this to expose sensitive information.

Ubuntu Security Notice USN-6128-1

Ubuntu Security Notice 6128-1 - It was discovered that CUPS incorrectly handled logging. A remote attacker could use this issue to cause CUPS to crash, resulting in a denial of service, or possibly execute arbitrary code.

Red Hat Security Advisory 2023-3415-01

Red Hat Security Advisory 2023-3415-01 - Updated images are now available for Red Hat Advanced Cluster Security (RHACS). The updated image includes security and bug fixes.

Red Hat Security Advisory 2023-3408-01

Red Hat Security Advisory 2023-3408-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Issues addressed include double free and use-after-free vulnerabilities.

Ubuntu Security Notice USN-6127-1

Ubuntu Security Notice 6127-1 - Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Gwangun Jung discovered that the Quick Fair Queueing scheduler implementation in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

Red Hat Security Advisory 2023-3397-01

Red Hat Security Advisory 2023-3397-01 - QATzip is a user space library which builds on top of the Intel QuickAssist Technology user space library, to provide extended accelerated compression and decompression services by offloading the actual compression and decompression request to the Intel Chipset Series. Issues addressed include a privilege escalation vulnerability.

Red Hat Security Advisory 2023-3403-01

Red Hat Security Advisory 2023-3403-01 - The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-3387-01

Red Hat Security Advisory 2023-3387-01 - Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other client systems. It performs provisioning and configuration management of predefined standard operating environments. Issues addressed include a cross site scripting vulnerability.

Red Hat Security Advisory 2023-3394-01

Red Hat Security Advisory 2023-3394-01 - The Public Key Infrastructure Core contains fundamental packages required by Red Hat Certificate System.

Red Hat Security Advisory 2023-3388-01

Red Hat Security Advisory 2023-3388-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include bypass and use-after-free vulnerabilities.

[RT-SA-2022-004] STARFACE: Authentication with Password Hash Possible

Posted by RedTeam Pentesting GmbH on Jun 01

Advisory: STARFACE: Authentication with Password Hash Possible

RedTeam Pentesting discovered that the web interface of STARFACE as well
as its REST API allows authentication using the SHA512 hash of the
password instead of the cleartext password. While storing password
hashes instead of cleartext passwords in an application's database
generally has become best practice to protect users' passwords in case
of a database compromise, this...

Ubuntu Security Notice USN-6125-1

Ubuntu Security Notice 6125-1 - It was discovered that the snap sandbox did not restrict the use of the ioctl system call with a TIOCLINUX request. This could be exploited by a malicious snap to inject commands into the controlling terminal which would then be executed outside of the snap sandbox once the snap had exited. This could allow an attacker to execute arbitrary commands outside of the confined snap sandbox. Note: graphical terminal emulators like xterm, gnome-terminal and others are not affected - this can only be exploited when snaps are run on a virtual console.

Ubuntu Security Notice USN-6126-1

Ubuntu Security Notice 6126-1 - It was discovered that libvirt incorrectly handled the nwfilter driver. A local attacker could possibly use this issue to cause libvirt to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS. It was discovered that libvirt incorrectly handled queries for the SR-IOV PCI device capabilities. A local attacker could possibly use this issue to cause libvirt to consume resources, leading to a denial of service.

Debian Security Advisory 5417-1

Debian Linux Security Advisory 5417-1 - Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit.

Ubuntu Security Notice USN-6123-1

Ubuntu Security Notice 6123-1 - Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Reima Ishii discovered that the nested KVM implementation for Intel x86 processors in the Linux kernel did not properly validate control registers in certain situations. An attacker in a guest VM could use this to cause a denial of service.

Ubuntu Security Notice USN-6124-1

Ubuntu Security Notice 6124-1 - Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Reima Ishii discovered that the nested KVM implementation for Intel x86 processors in the Linux kernel did not properly validate control registers in certain situations. An attacker in a guest VM could use this to cause a denial of service.

Ubuntu Security Notice USN-6117-1

Ubuntu Security Notice 6117-1 - It was discovered that Apache Batik incorrectly handled certain inputs. An attacker could possibly use this to perform a cross site request forgery attack. It was discovered that Apache Batik incorrectly handled Jar URLs in some situations. A remote attacker could use this issue to access files on the server. It was discovered that Apache Batik allowed running untrusted Java code from an SVG. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code.

Ubuntu Security Notice USN-6122-1

Ubuntu Security Notice 6122-1 - Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Jean-Baptiste Cayrou discovered that the shiftfs file system in the Ubuntu Linux kernel contained a race condition when handling inode locking in some situations. A local attacker could use this to cause a denial of service.

Debian Security Advisory 5416-1

Debian Linux Security Advisory 5416-1 - It was discovered that there was a potential buffer overflow and denial of service vulnerability in the gdhcp client implementation of connman, a command-line network manager designed for use on embedded devices.

[webapps] Rukovoditel 3.3.1 - CSV injection

Rukovoditel 3.3.1 - CSV injection

[remote] Flexense HTTP Server 10.6.24 - Buffer Overflow (DoS) (Metasploit)

Flexense HTTP Server 10.6.24 - Buffer Overflow (DoS) (Metasploit)

[webapps] Pydio Cells 4.1.2 - Server-Side Request Forgery

Pydio Cells 4.1.2 - Server-Side Request Forgery

[webapps] Online Security Guards Hiring System 1.0 - Reflected XSS

Online Security Guards Hiring System 1.0 - Reflected XSS

[webapps] Pydio Cells 4.1.2 - Cross-Site Scripting (XSS) via File Download

Pydio Cells 4.1.2 - Cross-Site Scripting (XSS) via File Download

[webapps] MotoCMS Version 3.4.3 - Server-Side Template Injection (SSTI)

MotoCMS Version 3.4.3 - Server-Side Template Injection (SSTI)

[webapps] SCRMS 2023-05-27 1.0 - Multiple SQL Injection

SCRMS 2023-05-27 1.0 - Multiple SQL Injection

[webapps] Pydio Cells 4.1.2 - Unauthorised Role Assignments

Pydio Cells 4.1.2 - Unauthorised Role Assignments

[webapps] unilogies/bumsys v1.0.3 beta - Unrestricted File Upload

unilogies/bumsys v1.0.3 beta - Unrestricted File Upload

[webapps] Faculty Evaluation System 1.0 - Unauthenticated File Upload

Faculty Evaluation System 1.0 - Unauthenticated File Upload

Ubuntu Security Notice USN-6121-1

Ubuntu Security Notice 6121-1 - It was discovered that Nanopb incorrectly handled certain decode messages. An attacker could possibly use this cause a denial of service or expose sensitive information. It was discovered that Nanopb incorrectly handled certain decode messages. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code.

Ubuntu Security Notice USN-6111-1

Ubuntu Security Notice 6111-1 - It was discovered that Flask incorrectly handled certain data responses. An attacker could possibly use this issue to expose sensitive information.

Ubuntu Security Notice USN-6119-1

Ubuntu Security Notice 6119-1 - Matt Caswell discovered that OpenSSL incorrectly handled certain ASN.1 object identifiers. A remote attacker could possibly use this issue to cause OpenSSL to consume resources, resulting in a denial of service. Anton Romanov discovered that OpenSSL incorrectly handled AES-XTS cipher decryption on 64-bit ARM platforms. An attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS, Ubuntu 22.10, and Ubuntu 23.04.

Ubuntu Security Notice USN-6120-1

Ubuntu Security Notice 6120-1 - Several security issues were discovered in the SpiderMonkey JavaScript library. If a user were tricked into opening malicious JavaScript applications or processing malformed data, a remote attacker could exploit a variety of issues related to JavaScript security, including denial of service attacks, and arbitrary code execution.

Widevine Trustlet 5.x / 6.x / 7.x PRDiagParseAndStoreData Buffer Overflow

Widevine Trustlet versions 5.x, 6.x, and 7.x suffer from a buffer overflow vulnerability in PRDiagParseAndStoreData at 0x5cc8.

Widevine Trustlet 5.x / 6.x / 7.x PRDiagVerifyProvisioning Buffer Overflow

Widevine Trustlet versions 5.x, 6.x, and 7.x suffer from a buffer overflow vulnerability in PRDiagVerifyProvisioning at 0x5f90.

Widevine Trustlet 5.x drm_verify_keys Buffer Overflow

Widevine Trustlet versions 5.x suffer from a buffer overflow vulnerability in drm_verify_keys at 0x7370.

Widevine Trustlet 5.x drm_verify_keys Buffer Overflow

Widevine Trustlet versions 5.x suffer from a buffer overflow vulnerability in drm_verify_keys at 0x730c.

Widevine Trustlet 5.x drm_save_keys Buffer Overflow

Widevine Trustlet versions 5.x suffer from a buffer overflow vulnerability in drm_save_keys at 0x6a18.

Widevine Trustlet 5.x drm_save_keys Buffer Overflow

Widevine Trustlet versions 5.x suffer from a drm_save_keys related buffer overflow.

Ubuntu Security Notice USN-6115-1

Ubuntu Security Notice 6115-1 - Max Chernoff discovered that LuaTeX did not properly disable shell escape. An attacker could possibly use this issue to execute arbitrary shell commands.